An entity called Account is used in CzechIdM to represent object in connected system. In other words object on connected system is linked to CzechIdM entity like Role via Account entity.

 Accounts linked to connected system objects

CzechIdM supports linking objects to CzechIdM entities during Synchronization. Moreover administrators can link them manually e.g. to correct the data state after e.g. AD admins did some unwanted change. Linking objects and entities via accounts allows CzechIdM to support interesting features:

  • Identities can have multiple accounts, for example to manage test or system objects on connected systems.
  • Objects on connected systems can be renamed. E.g Group in MS AD can move (changed their DN)
  • Accounts can be in Protected state.

In protected state objects linked to affected account are not deleted from connected systems. Thus

  • Administrators can set CzechIdM to move objects to archive or trash rather than deleting them
  • Objects are kept in the archive for a define period of time, after that CzechIdM will delete them in a standard way. If the time period is not defined, objects are not deleted ever.

 Protected state

Protected state can be used on systems on which it is not desired to delete objects instantly for example MS Exchange. This way users can get some time to move their mails before mailboxes are deleted.

Read more

  • by kopro